Hi, I'm implementing SPNEGO & Kerberos authentication in our application's webserver code and have it working fine when the KDC is Active Directory. I'm now testing it with an MIT KDC instance and when I attempt to authenticate a user who has a ticket from that KDC I get a GSS_S_CONTINUE_NEEDED status when I call gss_accept_sec_context...
My understanding was that this couldn't happen for kerberos authentication though, and the GSS_S_CONTINUE_NEEDED is only for other potential authentication types. For example, when I was investigating other implementations the mod_auth_kerb module in the apache webserver and the kerberos module for the flask webserver both ignore the possibility of continuation and in the apache webserver it has this comment "This is a _Kerberos_ module so multiple authentication rounds aren't supported. If we wanted a generic GSS authentication we would have to do some magic with exporting context etc." I haven't tried to implement the continuation of the context yet, because it will be a fair amount of work, so I thought I'd email the group to ask whether it's likely that there is just a problem with my setup, or if I'm mistaken and it is possible to get a continue_needed when working with Kerberos? Thanks, Jordan -- View this message in context: http://kerberos.996246.n3.nabble.com/GSS-S-CONTINUE-NEEDED-when-doing-Kerberos-authentication-tp45900.html Sent from the Kerberos - General mailing list archive at Nabble.com. ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
